A computerized method selectively accepts access requests 
from a client computer connected to a server computer by a 
network. The server computer receives an access request 
from the client computer. In response, the server computer 
generates a predetermined number of random characters. 
The random characters are used to form a string in the server 
computer. The string is randomly modified either visually or 
audibly to form a riddle. The original string becomes the 
correct answer to the riddle. The server computer renders the 
riddle on an output device of the client computer. In 
response, the client computer sends an answer to the server. 
Hopefully, the answer is a user's guess for the correct 
answer. The server determines if the guess is the correct 
answer, and if so, the access request is accepted. If the 
correct answer is not received within a predetermined 
amount of time, the connection between the client and server 
computer is terminated by the server on the assumption that 
an automated agent is operating in the client on behalf of the 
user. 
METHOD FOR SELECTIVELY RESTRICTING ACCESS TO COMPUTER SYSTEMS

FIELD OF THE INVENTION 

This invention relates generally to accessing computer 
systems using a communication network, and more particularly
to accepting service requests of a server computer on
a selective basis. 

BACKGROUND OF THE INVENTION 

The Internet is a highly-distributed computer network that 
connects computers all over the world. One way to classify 
the computers of the Internet is as client computers and 
server computers. Operators of the server computers provide 
"Internet" services and products to users of the client 
computers. The different types of client and server computers
are too numerous to detail here.

Providers of Internet services may want to restrict access 
to their servers only to human users. That is, the providers 
would like to deny accesses made by automated "agents" 
operating on behalf of users. An agent is some software 
program, or script generator that can mimic user accesses. It 
is well known on the Internet that many agents are intentionally
designed to behave in a malicious, destructive, or
otherwise annoying "anti-social" manner. Therefore, service 
providers would like to deny access by agents. 

One reason for doing this is fairness. Automated agents 
can generate service requests at a rate thousands of times 
greater than a normal user. Therefore, it is quite possible that 
one agent can monopolize a particular service at the expense 
of the unassisted users. Fairness is particularly important if 
the provider is running a lottery, or conducting a popularity 
contest or a poll that allows a user to make multiple entries. 
As a real example, computer-generated entries in most 
sweepstake contests are now banned because of an incident 
where an agent on behalf of a contestant generated enough 
entries to claim a substantial portion of the available prizes. 

Another reason is advertising revenue. On the Internet, 
advertising revenue is usually based on the number of times 
that advertisements are displayed when service requests are 
made. Unlike displaying the advertisement to a user, displaying
the advertisement to an automated agent has no
value. Consequently, useful advertising impact is better 
estimated when accesses by automated agents are denied. 

Yet another reason is "spamming." On the Internet, spam 
is the term used to describe useless electronic messages 
(e-mail). There, a spamming agent, usually at a very low 
cost, sends a message to a large number of users. Typically, 
the "spam" is of narrow interest. The hope of the spammer 
is to make a profit even if only a small fraction of the 
recipients respond. On the Internet, spamming agents are 
generally considered counter-productive because processing 
spam wastes network resources and people's time. 
Therefore, suppressing spam generated by agents can save 
substantial resources. 

A variant of spam arises in the context of Web search 
engines, such as Digital Equipment Corporation's AltaVista 
search engine. Search engines maintain full word indexes of 
Web pages. Users submit queries to locate Web pages of 
interest. In the case where many Web pages satisfy the query, 
the result set of Web pages is rank ordered according to some 
weighted frequency metric. 

Search engines are subject to abuse, in particular by 
electronic agents. For instance, an electronic agent may 
request the search engine to index many useless or deceptive
Web pages to boost the visibility of a particular topic. For
example, the agent could use AltaVista's "Add-URL" facility
to add pages to its index. Although "page-boosting"
cannot be entirely eliminated because users can always
submit individual pages one at a time, denying access to
agents will reduce this abuse to a manageable trickle.

Agents should also be denied access to proprietary information.
For example, a server might maintain an on-line
encyclopedia, or an online collection of web pages such as
the Yahoo service. Providers of such services would like to
eliminate improper access to their proprietary information
because an agent could otherwise easily obtain a large
percentage of a database and establish a competing service.
In all of these cases, it is difficult for the server computers
to differentiate requests submitted by users from those
generated by an agent, otherwise agents would not be a
problem.

On public telephone systems, a similar, although smaller
problem exists. There, telemarketing services have used
automated dialers, and tape-recorded messages to mass
market products and services to consumers. In this highly
regulated setting, laws have been passed banning machine-generated
telemarketing calls. While this approach has
worked well for telephone networks, it is unlikely to work
as well in the context of the Internet and the Web because
they have a number of characteristics that make it hard to
effectively apply legal sanctions.

First, it is very difficult to trace a service request back to
its true source, physically as well as electronically. On the
Web, it is very easy to start up a Web site, and then to
abandon it after it has been exploited. On the Web, it is not
fly-by-night, but fly-by-seconds. In addition, enforcement of
the laws would be extremely difficult, and perhaps not
worthwhile. On the basis of an individual user or provider,
damages can only be measured in terms of the time it takes to
dispose of unwanted spam e-mail, or the loss of small
incremental amounts of advertising revenue, e.g., cents, or
fractions thereof. Second, the Web and the Internet operate
on a global basis. Legally barring automated agents would
require the cooperation of all countries, an unlikely to occur
event.

In the prior art, some attempts have been made at recognizing
and eliminating spam. However, almost all of the
prior art methods work only for specific contexts of a
particular service, and are not generally applicable to any
type of Web server. We are aware of one prior art method
that is applicable to any type of Web server.

Digital Equipment Corporation offered a Web service that
collected and displayed polling data during the primary
elections of October 1996. In the design of this service, there
was a concern that the same person could enter an opinion
into the poll many times, particularly in cases where many
requests came from the same network address. As a
precaution, the service displayed an American flag in a
random position on the screen, and then required the user to
click on the flag before entering an opinion. Thus, a person
could not quickly enter an opinion many times. However, it
is easy to write a program that recognizes the American flag
and simulates a click; therefore, this method does not
effectively restrict access by electronic agents.

Therefore, there is a need for a server computer to be able
to distinguish an ordinary user from an automated agent so
that access by the agent can be denied, while still
permitting access to real human users.

SUMMARY OF THE INVENTION

Provided is a method and apparatus for selectively accepting access requests from a client computer connected to a server computer by a network, for example, the Internet and the World Wide Web. The connection between the client and server can use the Internet Protocol, and the interactions between the client and server can be conducted using Web pages.

The server computer receives an access request from the client computer via the network. In response, the server computer generates a predetermined number of human-perceptible random characters, for example, letters and numbers. The random characters are used to form a string in the server computer.

The string is randomly modified either visually or audibly to form a riddle. For example, the character can be visually distorted and overlaid on a random visually "noisy" background such as a maze. Alternatively, the string is processed by a speech synthesizer with an appropriate level of distortion or noise added. In any case, the original string, i.e., the correct answer to the riddle, is still easy to recover by the user, while automated computation of the answer will take a substantial amount of time, if it can be done at all.

The server computer renders the riddle on an output device of the client computer, for example a display terminal or a loudspeaker. In response, the client computer sends an answer to the server. Hopefully, the answer is a user's guess for the correct answer. The server determines if the guess is the correct answer, by comparing the answer with the unmodified string.

If the answer is correct, then the access request is accepted. If the correct answer is not received within a predetermined amount of time, the connection between the client and server computer is terminated by the server on the assumption an automated agent is operating in the client computer on behalf of the user.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block diagram of a network of client and server computers that use the invention.

FIG. 2 is a block diagram of a riddle generator cooperating with an access protocol according to the invention;

FIG. 3 is a flow diagram of a process that generates visual riddles;

FIG. 4 is an image of a visually rendered riddle, and fields for client/server interactions.

FIG. 5 is a flow diagram of the preferred access protocol;

FIGS. 6-8 are flow diagrams of alternative access protocols.

FIG. 9 is a flow diagram of a process that generates audible riddles.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

As shown in FIG. 1, a widely distributed network of computers 100 includes numerous client computers 110 connected to server computers 120 by a network 130, e.g., the Internet. Generally, the servers 120 provide "Internet" services and products to users of the clients 110. The Internet includes an application interface called the Worldwide Web (the "Web") 131. The computers communicate with each other using messages that include the addresses of the sending and receiving computers; these addresses are called Internet Protocol (IP) addresses.

The client computers 110 can be personal computers, workstations, or laptops. Typically, the clients 110 are equipped with input devices 115, such as a keyboard and a mouse, and output devices 116 such as a loudspeaker and a display terminal. Software in the form of a Web browser 111, for example, the Netscape Navigator, or the Microsoft Internet Explorer, interacts with the I/O devices 115-116 to provide an interface between the client user and the Web 131.

The server computers 120 are usually larger computer systems, although this does not always need to be so. Some of the servers, e.g., Web "sites", maintain a database (DB) 121 of Web pages 122. Each Web page 122 is identified and can be located by its name, e.g., a Uniform Resource Locator (URL). Pages 122 can include "links" to other pages. A user can "click" on a link of a page viewed with the browser 111 to retrieve a linked page.

Other servers maintain an index 123 of the content of Web pages. These servers are called search engines. Search engines accept search requests in the form of queries posed by users to locate Web pages having content on a specified topic. Some of the servers may provide other products and services 124 that can be reached by using the browser 111.

As described above, it is fairly easy for a client user to design an automated process, or script generator (agent) 119 that perform a large number of Web interactions in a short time with minimal effort. For example, the agent 119 can automatically generate Web pages to be placed in the index 123. Similarly, the agent 119 could easily make copies of the information 124 or obtain other services. The invention denies Web access by agents, and only allows access by users themselves.

As an introduction, and as shown in FIG. 2, our invention can be broken into two parts. A procedure 300 randomly generates "riddles" with corresponding answers that are easy for human users to answer. However, the riddles are very difficult to solve by the automated agent 119. An access protocol 500 that interacts with the riddle generator ensures that a server only responds to requests from clients that are capable of solving the generated riddles.

Together, the procedure 300 and the protocol 500 act to bar requests made of the server by automated agents. We describe particular implementations for each of these parts; others are possible, but the embodiments we described herein are preferred.

Generating Riddles

FIG. 3 shows the details of the procedure 300 for generating riddles. In step 310, we generate human perceptible random characters 311. Any of the generated characters 311 can be [illegible] devices 116 so that they can be viewed by a user. In step 320, we select a small number of the random characters to form a string 321.

The number of characters used to form the string 321 needs to be long enough to prevent the agent 119 from solving the riddles simply by using brute-force guessing techniques, yet not so long as to unnecessarily annoy the user. Thus, the number of characters used depends on the processing power of available computers and how much time is available to solve the riddle. At this time, a string eight characters long combined with a time limit of five minutes seems sufficient.

In step 330, we next randomize the "appearance" of the string 321 to obtain a "morphed" string 331. This can be done using several techniques. For example, each character can be rendered in a different randomly selected font. The spacing between characters can be varied depending on the size of the character, and distance from a baseline to the character. Some of the characters can be rendered close enough together so that they partially intersect.
Each character, as well as the entire string, can randomly be stretched or distorted in any number of ways. The string can follow a random path, e.g., rather than following a straight path, the characters of the string can follow a curved path like the letter W, although care must be taken here to ensure that the string does not loop back on itself. The string can randomly be rotated around a randomly selected point; e.g., the string might be mirror-reversed.

In step 340, a confusing random background 341 is chosen on which the string is overlaid; a random maze may be one good choice. The characters of the string can be rendered in various randomly chosen colors that are visually distinct from the background pattern, for instance the character coloring can use a different maze-type pattern.

Various randomly chosen combinations of these rendering techniques can be used to make it difficult to discover the string using standard optical character recognition (OCR) techniques or segmentation techniques. A bibliography of document image understanding references, including work on OCR, is available at "http://documents.cfar.umd.edu/biblio/".

Regardless of what combination of techniques is used, we exclude different characters that are perceptually similar in a string. For example, characters like "l" (lowercase l) and "1" (one) are visually similar. The same can be said for the letter "O, o", and the number "0" because it would be hard for a user to distinguish these characters. Similarly, for characters which are indistinguishable in multiple cases, e.g., lower case "c" and upper case "C", we choose a preferred case, generating riddles only using that case for those characters. The user's guess may use either case; we convert the user's guess to use the preferred case for the hard-to-distinguish characters before comparing the user's guess to the answer.

In step 350, the randomly-processed string is rendered so that it can be seen by a user of one of the client computers 110. The rendering can be done on the display terminal 116 of the client computer 110 using the browser 111. Alternative rendering techniques are described below.

FIG. 4 shows an example use of the randomly-generated string. In this example, a portion of a Web page 400 is shown. The Web page 400 is constructed using Hyper-Text Mark-up Language (HTML) so all rendering and protocol interactions can be managed from the server. The server in this example is a search engine, e.g., AltaVista. The AltaVista search engine has a feature called Add-URL that allows Web-site owners to register their site(s) with the search engine's index 123, see "http://www.altavista.digital.com/av/content/addurl.htm". The user submits a URL, and the search engine indexes all Web pages at this site.

The Add-URL feature is subject to abuse by people who wish to unfairly increase the chances of AltaVista serving up their pages in response to a query. They do this by using electronic agents to submit a large number of URLs for each site. Our method can be used to prevent this.

According to our invention, the page 400 fundamentally includes three fields 410, 420, and 430; some of these fields, called forms, allow user interaction; that is, the fields accept typed input from the user. The riddle is displayed in field 410. As is apparent, the human eye can easily discern a sequence of letters "5@3wp %lu" among the background clutter.

The user easily guesses the correct answer. It is our intent to make it more difficult for the agent 119 of a client computer to come up with the correct answer. In other words, it is unlikely that an agent of the client can act as an imposter for the user.

The guess is typed in the field 420. Checking of the guess is done in a case-insensitive manner. If the guess is correct, and a predetermined time constraint is met, then the server accepts input from field 430, a URL, to add the user's Web page to the search engine's index. Of course, using our invention, the search engine can also index any other Web pages at the same site, or perform other services, for example, a request to delete a Web page.

Riddles rendered in this form are good at separating humans from electronic agents: while humans easily recognize numbers and letters or other patterns in almost any form, computerized processes can consume enormous amounts of resources and time, and yet perform poorly at this task for all but the simplest problems.

Access Protocols

In this section, we describe a basic communication protocol for using the riddles, plus some alternative embodiments. As an initial state, the server 120 possesses a master secret, denoted "MS," known to it alone. The server also can perform a cryptographic hash function H that combines terms (D1, D2, . . . , Dn). The cryptographic hash function can be a function such as MD5 or SHS. Hash functions "scramble" bits, and as a result tampering with hashed values is easy to detect.

Cryptographic hash functions have the useful property that they are hard to invert. For example, given H(D1, D2), and D2, there is no efficient way to determine D1. Cryptographic hash functions are also collision-resistant in the sense that it is hard to find two inputs that yield the same output. See "Applied Cryptography" by Schneier for details on known cryptographic hash functions.

Basic Protocol

As shown in FIG. 5, the basic protocol between the client 110 and the server 120 proceeds as follows. The client 110 sends a request Q 510 to the server 120. For example, the request Q 510 might be "Add my URL to your index."

The server, upon receipt of the request, replies to the client 110 with information R, T, Q, H(S, T, Q, MS) 520, where R is the randomly-generated riddle from the string of random characters as described above. The value T is the current server time, Q is the original request 510, and S is the string that is used to form the riddle, that is, the correct answer to the riddle. Notice, the hashing of the combination of the correct answer S, the values T, and the request Q, with the secret MS. This information can only be used by one who has possession of the master secret, i.e., the server computer.

In turn, the client replies to the server with A, T, Q, H(S, T, Q, MS) 530, where A is the user's guessed answer to the riddle, as typed with any hard-to-distinguish characters, case adjusted, in field 420 above. The other values are copied directly from the server's reply 520. The other values can be copied using HTML as stated above, so all the user needs to do is to type the guess; the server controls the rest of the interaction.

Upon receipt of the message containing the guess, the server computes H(A, T, Q, MS) and compares this value with H(S, T, Q, MS) to determine if the guess is the correct answer, i.e., the string S. If the riddle is not answered in the required time, then the server can terminate the connection under the assumption the request was generated by an agent of the client, and not the user. Otherwise, if the riddle is solved in less than the required time, for example less than five minutes, the server can allow the request Q and provide a response 540.
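An added example, not code from the patent: a Python sketch of the string selection rules (step 320 and the exclusion of perceptually similar characters) together with the server side of the basic protocol of FIG. 5. It assumes HMAC-SHA-256 over length-prefixed fields in place of the page's H(S, T, Q, MS) with MD5 or SHS, a hypothetical set of same-shape letters beyond the page's c/C, and an optional `seen` set for rejecting replays, which the stateless basic protocol itself does not keep; rendering the riddle image R is left out.

```python
import hashlib
import hmac
import secrets
import time

STRING_LEN = 8      # the page's "eight characters"
TIME_LIMIT = 300    # the page's "five minutes", in seconds

# Assumption: letters whose two cases look alike; the page names only c/C.
SAME_SHAPE = set("ckpsuvwxz")
# Perceptually similar characters to exclude (l/1 and O/o/0 per the page; I is an assumption).
CONFUSABLE = set("lI1oO0")
CANDIDATES = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
# Same-shape letters are used only in their preferred (lower) case.
ALPHABET = sorted(
    {c for c in CANDIDATES if c not in CONFUSABLE and c.lower() not in SAME_SHAPE}
    | SAME_SHAPE
)


def make_string(n=STRING_LEN):
    """Step 320: pick the answer string S with a CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(n))


def normalize(guess):
    """Convert hard-to-distinguish letters in the guess to the preferred case."""
    return "".join(ch.lower() if ch.lower() in SAME_SHAPE else ch
                   for ch in guess.strip())


def tag(ms, answer, t, q):
    """Keyed stand-in for H(S, T, Q, MS). Each field is length-prefixed so that
    ("ab", "c") and ("a", "bc") can never produce the same MAC input."""
    mac = hmac.new(ms, digestmod=hashlib.sha256)
    for field in (answer, str(t), q):
        data = field.encode()
        mac.update(len(data).to_bytes(4, "big") + data)
    return mac.hexdigest()


def issue_challenge(ms, q, now=None):
    """Message 520. Returns (S, reply): S goes only to the riddle renderer,
    reply (T, Q, H) is what the client sees and later copies back."""
    s = make_string()
    t = int(time.time() if now is None else now)
    return s, {"T": t, "Q": q, "H": tag(ms, s, t, q)}


def verify(ms, msg, now=None, seen=None):
    """Check message 530 = {A, T, Q, H}. The server keeps no per-request state
    unless a `seen` set is passed in to reject replayed tags."""
    now = time.time() if now is None else now
    try:
        t = int(msg["T"])
        expected = tag(ms, normalize(msg["A"]), t, msg["Q"])
        supplied = str(msg["H"])
    except (KeyError, ValueError, TypeError, AttributeError):
        return "malformed"
    # Constant-time comparison; any change to A, T or Q changes the tag.
    if not hmac.compare_digest(expected.encode(), supplied.encode()):
        return "wrong"
    if not 0 <= now - t <= TIME_LIMIT:
        return "expired"
    if seen is not None:
        if supplied in seen:
            return "replay"
        seen.add(supplied)
    return "accept"


if __name__ == "__main__":
    ms = secrets.token_bytes(32)                 # constructed master secret
    s, reply = issue_challenge(ms, "Add my URL to your index.")
    answer = dict(reply, A=s.upper() if s.lower() == s else s)
    print(verify(ms, dict(reply, A=s)), verify(ms, dict(reply, A=s + "x")))
```

Without a `seen` set, the same correct message is accepted repeatedly until the time limit passes, because the server remembers nothing between requests.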
Our basic protocol has the advantage of being totally confined to a static state, initially knowing the master secret and a cryptographic hash function to apply to any sequence of bits. Other than that, the server 120 does not have to remember anything beyond the current message being processed according to our protocol, no matter how many requests are outstanding from other users. This saves memory resources, and simplifies our protocol implementation.

As a consequence of the static state under which our basic protocol operates, it cannot prevent a client from replaying the same request Q 510 many times while solving one riddle. The same request and answer pair can be used until the time allotted for solving the riddle has run out.

This is not a substantial drawback for services like a search engine where repeating the same request multiple times can be made equivalent to just doing it once; e.g., adding a page to the index is an idempotent operation. Similarly, if the server maintains an on-line dictionary, an agent posing as a user will derive no benefit from looking up the same word many times. Hence our basic protocol is also adequate for those services.

On the other hand, the scenario above is a problem in Web applications like computerized polling or automated contests. The following variation on our basic protocol remedies this drawback at the cost of requiring the saving of additional state information.

As shown in FIG. 6, the client sends a generic request for service message Q 610 to the server. The particular request, Q, is sent later with the guess in this variation of the protocol. The server replies in message 620 with R, a random riddle generated as described above, the current server time T, and H(S, T, MS), where S is the correct answer to R.

The client replies with A (the user's answer), Q (the particular request the user wishes granted), T, and H(S, T, MS), all but S copied directly from the server's reply 620. The server computes H(A, T, MS) and compares this value with H(S, T, MS). If these values are identical, and the difference between T and the current server time is less than the maximum time allowed to solve the riddle, and the server has not recently honored a request with the same associated hash value H(S, T, MS), then the server carries out the request Q and provides a response 640.

With this variant, the server must store a list of the H(S, T, MS) values it has recently sent out. After the time in the saved hash value is older than the maximum time allowed to solve the riddle, the hashed value can be discarded as it is no longer needed to prevent replays.

Alternately, the server can detect replays by keeping a list of T's it has recently sent out in 620. If a given T is the same as that of a request recently serviced, then the new request is refused. This alternative relies on the fact that the server's clock increments time at a fast enough rate so that no user-generated requests can be received in the same clock tick; in other words the value T also uniquely identifies service requests. Like above, the server only needs to keep recent T values. In fact, it suffices to keep just the lower-order bits of the T values; that is, only those bits that change during the riddle-solving time period. This reduces the amount of memory needed to store the states associated with various user requests.

If, on the other hand, space is not an issue, it may be desirable to replace the value generated by the cryptographic hash functions with transaction identifiers as shown in FIG. 7. The client sends a generic request Q for service 710. The server replies with R, ID 720, where R is our random riddle, Q is the user's actual request, and ID is a unique transaction identifier. The server stores the values ID, S, and T together; in other words, the answer and the current time are associated with the ID.

The client replies A, Q, and ID 730, where A is the user's guess for the correct answer to the riddle, and ID is copied from 720. The server then compares the correct answer S of the associated ID with the guessed answer A. If these values are identical, and the time T is close enough to the current time, and the server has not recently honored a request with transaction identifier ID, then a response 740 is provided. The values ID, S, and T can be removed after the predetermined interval has expired, or when multiple requests are received in a very short time interval, i.e., a rate which could not be generated by a user, but could be indicative of an automated agent. This variation uses more state, but may be faster because there is no need to compute cryptographic hash functions.

Extra space can also be used to increase security by maintaining a count with each ID of how many times its associated riddle has been guessed at. If too many wrong answers are submitted for a given riddle before the correct answer is given, then service may be refused. This is equivalent to adding a maximum number of guesses per riddle limit in addition to the existing maximum time limit.

In an alternative embodiment, we include identifications of the client and the server. These identifications can be based on IP addresses, or on more elaborate cryptographic credentials. Here we consider the use of IP addresses, as these are most immediately applicable in the current context of the Web. We describe how to add the client's IP address to our basic protocol. The treatment of the other protocols is analogous.

Client Addresses

As shown in FIG. 8, the client 110 sends a request Q 810 to the server 120. The server replies R, T, Q, H(S, T, Q, AC, MS) 820, where AC is the IP address of the client. In turn, the client replies to the server with A, T, Q, H(S, T, Q, AC, MS) 830, where all values but A are copied from 820. The server computes H(A, T, Q, AC, MS) and compares this value with H(S, T, Q, AC, MS) to determine if the guess is correct, in which case the request 810 is honored. By including the IP address AC, it can be determined when messages 810 and 830 came from the same source.

Relaxed Checking

The above described protocol variants require the user to solve one riddle for each request. It may be desirable in some cases to relax this requirement. For example, the server may present a new riddle less frequently, for example, a new random riddle is generated for each five requests. This requires much less work of the user while still greatly limiting the abilities of automated agents. Our protocols are easily modified to support limited replay of this form.

More generally, because the majority of users are honest and do not abuse servers with agents, the server can combine any of our protocols with a standard revokable password system. A user without a valid password is required to answer one riddle per request. If it is determined after a trial period that the user is acting responsibly, then the server can issue the user with a personal password that would allow users to request services without the need to solve further riddles. The password can be sent to the client using any type of private/public key exchange, for example, Diffie-Hellman. The server can subsequently monitor the rate of requests, and if the rate is indicative of an agent, the server
can revoke the user's password, forcing the user to start solving riddles again.

Our method is well suited for blocking spam e-mail because most spam messages are first messages from previously unknown users. An honest user intent on sending an e-mail message can solve our riddles without too much effort; however, an agent attempting to send thousands of messages will soon be frustrated.

We can also relax the requirement that the user answer a riddle for every request when the server tracks repetitive accesses by the same user. The IP address of the originating client can be used for this purpose, or, in the case of Web services, we could employ the HTTP "cookie" mechanism for this purpose, see "http://www.netscape.com/newsref/std/cookie_spec.html". Briefly, a cookie is a file that a server can leave in a client's memory for subsequent examination.

Other Rendering Modalities

The riddle does not necessarily need to be presented to the user as an image on a display device. Other rendering modalities, such as text or speech, can also be used. In the text version, the riddle can be expressed as a natural language question, for example, "Please type the third letter of the word seventeen, followed by a comma and a semi-colon." In this case, the string "v,;" is the correct answer. The server can randomly pose other types of natural language questions. It should be noted that presenting riddles in this manner may be easier for agents to decipher.

In the audio version as shown in FIG. 9, the string

determining if the answer to the riddle is correct; and

accepting the access request if the answer is correct and received within a predetermined time interval and otherwise denying the access request, wherein the access request is denied when the access request is received from the automated agent.

2. The method of claim 1 wherein at least one visual attribute of the string is randomly modified to form the riddle, and the riddle is rendered as an image on a display device of the client computer.

3. The method of claim 2 wherein the modifying includes [illegible] multiplicity of fonts [illegible] the respective characters in the string so as to modify the at least one visual attribute of the string to form the riddle.

4. The method of claim 2 wherein the random characters of the string are rendered using randomly selected fonts.

5. The method of claim 2 wherein the random characters of the string are rendered using randomly selected sizes of the characters.

6. The method of claim 2 wherein the random characters of the string are rendered using random spacing between the [illegible] characters.

7. The method of claim 2 wherein the random characters of the string are rendered along a randomly selected path.

8. The method of claim 2 wherein the random characters of the string are randomly rotated about a randomly selected point.

9. The method of claim 2 wherein the random characters of the string are rendered using randomly selected colors.

nin _. j 4 . m V a u 30 10. The method of claim 2 wherein the random characters 

generator 910 produces a random stnng 911. A speech JU - , , . . , , t . JU , A 

*u • om- At ^ fk . v 011 (n of the string are overlaid on a randomly selected background 

synthesizer 920 is used to convert the stnng 911 to an audio . . & J b . 

file 921. The audio file is then distorted by a noise generator m „ e ™ age ' , * , • i A u • *u w i ^* 

930 to produce a noisy string 931. Last, the string is rendered ^ ™ e metho f ° f claim 10 wherem the back S™ nd is a 

(940) on the loudspeaker 116 of the client as audible text randomly generated maze. 

it _ . . Jt _ „ . 35 12. The method of claim 1 wherein similarly appearing 

Thus, the invention can be used by visually-impaired users. ^ J . . - , f _ .. .. 

n • * j ji t . f M Ti« Pn i 1M u t , random characters are discarded before forming the string. 

Our invention poses nddles that are dimcult to solve by . , . , . . , . . to . . = 

. 4 . , . t j , % . 13. The method of claim 1 wherein the nddle is a natural 

agents, but easy to answer by humans. In addition, we . t . . , 

provide a secure protocol to interact with the user. Ttese lan^queston rendered as t 6 «. 

£ 4 r , , i » 14. The method of claim 1 wherein at least one audio 

features permit a server to selectively give service only to „ j 1 a * c .x. 

hum ns 40 attribute of the stnng is randomly modified to form the 

Tfe understood that the above-described embodiments are ^ a ° d the t , r u iddl f. » rendere , d 38 111 audio ^ a 

simply illustrative of the principles of the invention. Various louospeaker of the chent computer. .. ... 

other modifications and changes may be made by those «• T be , m , e * od of claim 1 wherein the audl ° Slgnal 15 

skilled in the art which will embody the principles of the tMyWortcd 

invention and fall within the spirit and scope thereof as set « The method ctaim 15 wherem random noise u added 

out in the claims attached. ,0 £ e ^ d,c «gf . 

We claim- e melri0 ^ °^ c ^ aim ^ further including: 

1. 6 A computerized method for selectively accepting sending a first message to the client computer in response 

access requests from a client computer connected to a server to receiving the access request from the client 

computer by a network, comprising: 50 computer, the first message including the random char- 

4 . * p „ acters of the string in the modified form of the riddle, 

receivine an access request in the server computer from , . v j L * *u 

,r . • iL . i a current time supplied by the server computer, the 

the client computer via the network; . J c • i a- r , i . 

r ' access request, and further includmg a first encoded 

generating a predetermined number of random characters value of a combination of the string| the current time , 

to form a string in the server computer in response to 5S ^ access fequest and a mastef semi possessed by the 

the access request; server computer, 

modifying at least one perceptual attribute of the string of ig method of claim 17 wherein the encoded value is 

random characters to form a riddle configured to be generated by applying a hash function on the combination of 

easily answered by a human being with no advance tne string, the current time, the access request and the master 

knowledge of the riddle while being substantially dif- 60 sccre t. 

ficult to answer by an automated agent unaided by \g ybe me thod of claim 18 further including receiving a 

human being, the string being a correct answer to the second message from the client computer, the second mes- 

nddle; sage including the answer, the current time supplied by the 

rendering the riddle on an output device of the client server, the access request, and the encoded value. 

computer; 65 20. The method of claim 19 further including comparing 

receiving an answer to the riddle from the client com- a second encoded value computed by applying the hash 

puter; function to a combination of the answer, the current time, the 
access request, and the master secret with the first encoded
value to determine if the answer is identical to the string.

21. The method of claim 20 further including terminating
the connection between the client computer and the server
computer after the predetermined time interval from the
current time of the first message.

22. The method of claim 2 wherein the client computer
and the server computer are connected by the Internet, and
the string is rendered using a Web page.

23. The method of claim 1 further including:

sending a first message to the client computer in response
to receiving the access request from the client
computer, the first message including the random
characters of the string in the modified riddle form, a
current time supplied by the server computer, and
further including a first encoded value of a combination
of the string, the current time, and a master secret
possessed by the server computer; and

storing the first encoded value in a memory of the client
computer.

24. The method of claim 23 further including:

receiving a second message from the client computer, the
second message including the answer, the current time
supplied by the server, and the encoded value.

25. The method of claim 24 further including comparing
a second encoded value computed by applying the hash
function to a combination of the answer, the current time,
and the master secret with the stored first encoded value to
determine if the answer is identical to the string.

26. The method of claim 25 wherein the first encoded
value is removed from the memory after a first
predetermined time interval.

27. The method of claim 26 further including:

terminating the connection between the client computer
and the server computer if another access request is
from the client within a second predetermined time
interval, the second predetermined time interval being
substantially less than the first predetermined time
interval.

28. The method of claim 1 further including:

sending a first message to the client computer in response
to receiving the access request from the client
computer, the first message including the random
characters of the string in the modified riddle form, and a
transaction identifier; and

storing the string and a current time of the server with an
associated transaction identifier in a memory of the
client computer.

29. The method of claim 28 further including:

receiving a second message from the client computer, the
second message including the answer, the access
request, and the transaction identifier.

30. The method of claim 29 further including comparing
the answer with the stored string of the associated
transaction identifier to determine if the answer is identical to the
string.

31. The method of claim 30 wherein the access request
and the associated transaction identifier are removed from
the memory after a first predetermined time interval from the
current time of the first message.

32. The method of claim 31 further including:

terminating the connection between the client computer
and the server computer if another access request is
from the client within a second predetermined time
interval, the second predetermined time interval being
substantially less than the first predetermined time
interval.

33. The method of claim 1 further including:

sending a first message to the client computer in response
to receiving the access request from the client
computer, the first message including the random
characters of the string in the modified riddle form, a
current time supplied by the server computer, the
access request, an address of the client computer, and
further including a first encoded value of a combination
of the string, the current time, the access request, the
address, and a master secret possessed by the server
computer.

34. The method of claim 32 wherein the encoded value is
generated by applying a hash function on the combination of
the string, the current time, the access request, the address
and the master secret.

35. The method of claim 33 further including receiving a
second message from the client computer, the second
message including the answer, the current time supplied by the
server, the access request, and the encoded value.

36. The method of claim 34 further including comparing
a second encoded value computed by applying the hash
function to a combination of the answer, the current time, the
[…]
first encoded value to determine if the answer is identical to
the string.

37. The method of claim 35 wherein the access request is
accepted if the second message including the correct answer
is received within the predetermined time interval from the
current time supplied by the server computer.

38. The method of claim 36 further including terminating
the connection between the client computer and the server
computer after the predetermined time interval from the
current time of the first message.

39. The method of claim 1 further including:

accepting a predetermined number of access requests after
the correct answer is received before rendering an
additional riddle.

40. The method of claim 1 further including:

sending a password to the user if a predetermined number
of access requests are accepted from the client; and

accepting additional access requests from the client if the
additional access requests are received along with the
password.

41. The method of claim 40 further including:

revoking the password if the rate at which the additional
access requests are received is less than a
predetermined threshold.

42. The method of claim 1 wherein the access request is
an electronic mail message.

43. The method of claim 1 wherein the server computer is
a search engine, and the access request is to add a Web page
to an index of the server computer.

44. The method of claim 1 wherein the server computer
stores information, and the access request is to read the
information.

45. The method of claim 1 wherein the access request is
a response from the client computer to a poll generated by
the server computer.

46. The method of claim 1 wherein the access request is
an entry for a contest operated by the server computer.

47. An apparatus for accepting access requests from a
client computer connected to a server computer by a
network, comprising:

means for receiving an access request in the server
computer from the client computer via the network;

a random character generator generating a predetermined
number of random characters to form a string in the
server computer in response to the access request;




means for modifying at least one perceptual attribute of 
the string of random characters to form a riddle con- 
figured to be easily answered by a human being with no
advance knowledge of the riddle while being substan- 
tially difficult to answer by an automated agent unaided 
by a human being, the string being a correct answer to 
the riddle; 

means for rendering the riddle on an output device of the 
client computer, a correct answer to the riddle being the 
string; 

means for receiving an answer to the riddle from the client 
computer; 

means for determining if the answer to the riddle is 
correct; and 

means for accepting the access request if the answer is 
correct and received within a predetermined time inter- 
val and otherwise denying the access request, wherein 
the access request is denied when the access request is 
received from the automated agent. 

48. A computer program product for use in conjunction 
with a computer system, the computer program product 
comprising a computer readable storage medium and a 
computer program mechanism embedded therein, the com- 
puter program mechanism for selectively accepting access 
requests from a client computer connected to a server 
computer by a network, the computer program mechanism 
comprising: 

instructions that receive an access request in the server 
computer from the client computer via the network; 

instructions that generate a predetermined number of 
random characters to form a string in the server com- 
puter in response to the access request; 

instructions that modify at least one perceptual attribute of 
the string of random characters to form a riddle con- 
figured to be easily answered by a human being with no 
advance knowledge of the riddle while being substan- 
tially difficult to answer by an automated agent unaided 
by a human being, the string being a correct answer to 
the riddle; 

instructions that render the riddle on an output device of
the client computer;

instructions that receive an answer to the riddle from the
client computer;

instructions that determine if the answer to the riddle is
correct;

instructions that accept the access request if the answer is 
correct and received within a predetermined time inter- 
val and that otherwise deny the access request, wherein 
the access request is denied when the access request is 
received from the automated agent. 

49. The computer program product of claim 48 wherein 
the instructions that modify the string randomly modify at 
least one visual attribute of the string to form the riddle and 
the instructions that render the riddle render the riddle as an 
image on a display device of the client computer. 

50. The computer program product of claim 49 wherein 
the instructions that modify the string assign a respective 
multiplicity of fonts to the respective characters in the string 
so as to modify the at least one visual attribute of the string 
to form the riddle. 

51. The computer program product of claim 49 wherein 
the instructions render the random characters of the string 
using randomly selected fonts. 

52. The computer program product of claim 49 wherein 
the instructions render the random characters of the string 
using randomly selected sizes of the characters. 
53. The computer program product of claim 49 wherein
the instructions render the random characters of the string 
using random spacing between the random characters. 

54. The computer program product of claim 49 wherein 
the instructions render the random characters of the string 
along a randomly selected path. 

55. The computer program product of claim 50 wherein 
the instructions render the random characters of the string 
rotated about a randomly selected point. 

56. The computer program product of claim 50 wherein 
the instructions render the random characters of the string 
using randomly selected colors. 

57. The computer program product of claim 50 wherein 
the instructions that render overlay the random characters of 
the string on a randomly selected background in the image. 

58. The computer program product of claim 57 wherein 
the background is a randomly generated maze. 

59. The computer program product of claim 48 further 
comprising instructions that discard similarly appearing 
random characters before forming the string.

60. The computer program product of claim 48 further 
comprising: 

instructions that send a password to the user if a prede- 
termined number of access requests are accepted from 
the client; and 

instructions that accept additional access requests from 
the client if the additional access requests are received 
along with the password. 

61. The computer program product of claim 60 further 
including instructions that revoke the password if the rate at 
which the additional access requests are received is less than 
a predetermined threshold. 

62. A computer system for selectively accepting access 
requests from a client computer connected to a server 
computer by a network, comprising: 

a memory; and 

a processor to execute instructions stored in the memory, 
wherein the memory stores instructions that: 
receive an access request in the server computer from
the client computer via the network;
generate a predetermined number of random characters 
to form a string in the server computer in response to 
the access request; 
modify at least one perceptual attribute of the string of 
random characters to form a riddle configured to be 
easily answered by a human being with no advance 
knowledge of the riddle while being substantially 
difficult to answer by an automated agent unaided by 
a human being, the string being a correct answer to 
the riddle; 

render the riddle on an output device of the client 
computer; 

receive an answer to the riddle from the client com- 
puter; 

determine if the answer to the riddle is correct; and 
accept the access request if the answer is correct and 
received within a predetermined time interval and 
otherwise deny the access request, wherein the 
access request is denied when the access request is 
received from the automated agent. 

63. The computer system of claim 62, the memory further 
storing instructions that modify the string randomly modify 
at least one visual attribute of the string to form the riddle
and the instructions that render the riddle render the riddle 
as an image on a display device of the client computer. 

64. The computer system of claim 63, wherein the instruc- 
tions that modify the string assign a respective multiplicity 
of fonts to the respective characters in the string so as to
modify the at least one visual attribute of the string to form 
the riddle. 

65. The computer system of claim 63, the memory further 
storing instructions that render the random characters of the
string using randomly selected fonts. 

66. The computer system of claim 64, the memory further 
storing instructions that render the random characters of the 
string using randomly selected sizes of the characters. 

67. The computer system of claim 64, the memory further
storing instructions that render the random characters of the 
string using random spacing between the random characters. 

68. The computer system of claim 64, the memory further 
storing instructions that render the random characters of the 
string along a randomly selected path.

69. The computer system of claim 64, the memory further 
storing instructions that render the random characters of the 
string rotated about a randomly selected point. 

70. The computer system of claim 64, the memory further 
storing instructions that render the random characters of the
string using randomly selected colors. 
71. The computer system of claim 64, the memory further
storing instructions that overlay the random characters of the 
string on a randomly selected background in the image. 

72. The computer system of claim 71 wherein the back- 
ground is a randomly generated maze. 

73. The computer system of claim 62, the memory further 
storing instructions that discard similarly appearing random 
characters before forming the string. 

74. The computer system of claim 62, the memory further 
storing instructions that: 

send a password to the user if a predetermined number of 
access requests are accepted from the client; and 

accept additional access requests from the client if the 
additional access requests are received along with the 
password. 

75. The computer system of claim 74, the memory further 
storing instructions that revoke the password if the rate at 
which the additional access requests are received is less than 
a predetermined threshold. 
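
The stateless exchange recited in the claims on the first and second messages (encoded value over the string, the current time, the access request, the client address and a master secret) is sketched below as an added example that is not code from the patent. It uses HMAC-SHA-256 where the claims say only "a hash function"; the field names, alphabet, 120-second limit and the one-time `seen` cache are assumptions of this example.

```python
import hashlib
import hmac
import secrets
import time

MASTER_SECRET = secrets.token_bytes(32)       # known only to the server
ALPHABET = "abcdefghjkmnpqrstuvwxyz23456789"  # assumed set; look-alikes (0/o, 1/l/i) dropped
TIME_LIMIT = 120                              # seconds; assumed "predetermined time interval"


def encoded_value(string, issued_at, request, address):
    """Keyed hash over (string, current time, access request, address)."""
    fields = (string, str(issued_at), request, address)
    # Length-prefix each field so that ("ab", "c") and ("a", "bc") hash differently.
    msg = b"".join(len(f.encode()).to_bytes(4, "big") + f.encode() for f in fields)
    return hmac.new(MASTER_SECRET, msg, hashlib.sha256).hexdigest()


def issue_challenge(request, address, now=None, length=6):
    """Build the first message. The server stores nothing about the client."""
    now = int(time.time()) if now is None else now
    string = "".join(secrets.choice(ALPHABET) for _ in range(length))
    first_message = {
        "time": now,
        "request": request,
        "value": encoded_value(string, now, request, address),
    }
    # `string` is handed only to the riddle renderer; it never travels in clear.
    return string, first_message


def check_answer(answer, second_message, address, now=None, seen=None):
    """Verify the second message: echoed time, request and encoded value."""
    now = int(time.time()) if now is None else now
    issued_at = second_message.get("time")
    value = str(second_message.get("value", ""))
    request = str(second_message.get("request", ""))
    if not isinstance(issued_at, int) or not 0 <= now - issued_at <= TIME_LIMIT:
        return "expired"
    expected = encoded_value(answer, issued_at, request, address)
    if not hmac.compare_digest(expected.encode(), value.encode()):
        return "wrong"      # bad guess, or time/request/address was altered
    if seen is not None:    # added hardening: one use per encoded value
        if value in seen:
            return "replayed"
        seen.add(value)
    return "accepted"


if __name__ == "__main__":
    # Constructed sample request and documentation-range address.
    string, first = issue_challenge("add-url http://example.org/", "192.0.2.10")
    print(check_answer(string, dict(first), "192.0.2.10", seen=set()))
```

Without the `seen` set, a solved riddle stays valid for repeated submissions until the time limit passes.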
